Interpretation Conflict in GitLab Enterprise Edition and Gitlab Community Edition - CVE-2025-12506
Published: July 8, 2026
GitLab Enterprise Edition
Gitlab Community Edition
Detailed vulnerability description
The vulnerability allows a remote user to cause the web interface to display content that differs from the content available for download.
The vulnerability exists due to improper handling of Git reference name resolution in tag or branch reference handling when resolving Git reference names. A remote user can create a repository with ambiguous references to cause the web interface to display content that differs from the content available for download.
User interaction is required to rely on the web interface content.